Access to information, applications and other types of resources is commonly regulated based on privileges assigned to users and/or devices. For example, privileges may define a level of security clearance that a user and/or device must have or meet to access a particular resource. Thus, if an application requires top secret clearance, a user may be required to have top secret privileges in order to access and/or use the application or functions thereof. Similarly, access to one or more portions of a company's financial data may be regulated by a user's title and/or rank as defined within the company or by the company's organization chart. For example, access to earnings projections for the current quarter might be restricted to those employees or users having a title or position of Manager or higher. Accordingly, those that have not attained a position of Manager might be denied access to the earnings projections.
Oftentimes, multiple applications and/or databases within a company or organization may use the same or similar privilege structures to manage access. To streamline the use and management of privilege information in such instances, companies and organizations have implemented management applications to centrally control privilege data common to the various databases and/or applications. For example, many current methods of managing privilege information across multiple applications use various Lightweight Directory Access Protocol (LDAP) solutions. When new applications and/or databases are added to the privilege management system, however, LDAP solutions generally require additional programming and/or development to accommodate the new applications and/or databases. In addition, LDAP solutions may also require further modification and/or reconfiguration in response to an application currently managed by the LDAP solution being updated and/or reconfigured.
For the foregoing reasons, a flexible and extensible system and method for managing privilege information across multiple applications and/or databases is needed.